package com.gress.shop.shiro;

import com.gress.shop.bo.Member;
import com.gress.shop.bo.MemberActionRelation;
import com.gress.shop.bo.Role;
import com.gress.shop.service.IActionService;
import com.gress.shop.service.IRoleService;
import com.gress.shop.service.inner.IMemberInternalService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.util.CollectionUtils;

import javax.annotation.Resource;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;


/** TODO 认证授权
 * Created by xiongwen on 2017/8/30.
 */
public class ToolRealm extends AuthorizingRealm {


    @Resource
    private IMemberInternalService memberInternalService;
    @Resource
    private IRoleService roleService;
    @Resource
    private IActionService actionService;

    @Override
    public void setName(String name) {
        super.setName("Boss_Tool_Realm");
    }

    /**
     * @param authenticationToken
     * @Date: 17:11 2018/3/4
     * @Description:
     * @return: 用户认证
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken)authenticationToken;
        String email = upToken.getUsername();
        if (email == null) {
            throw new UnknownAccountException("Null alis are not allowed by this realm.");
        }
        Member member = memberInternalService.queryByEmail(email);
        if (member == null) {
            throw new UnknownAccountException("Null alis are not allowed by this realm.");
        }
        String password = member.getPassword();
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(member, password, this.getName());
        return info;
    }

    /**
     * @param principalCollection
     * @Date: 17:10 2018/3/4
     * @Description:
     * @return: 用户权限
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Member nobleUser = (Member) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String email = nobleUser.getEmail();
        //角色
        Role role = roleService.queryByMemberId(email);
        if (role != null) {
            Set roleSet = new HashSet();
            roleSet.add(role.getRoleCode());
            info.setRoles(roleSet);
        }
        // 权限
        List<MemberActionRelation> memberActionRelations = actionService.queryRelationByEmail(email);
        if (!CollectionUtils.isEmpty(memberActionRelations)) {
            Set<String> permission = new HashSet<>();
            memberActionRelations.forEach(e -> permission.add(e.getAction().getActionCode()));
            info.setStringPermissions(permission);
        }
        return info;
    }


}
